
re: ethereal

I would posit that it largely depends upon:

1. your taste
2. the task undertaken
3. your taste

I personally favor ethereal, but I wouldn't say it is the best sniffer. I might say it is the best sniffer for me...but not anyone else. And I employ other sniffing tools if the situation warrants something other than ethereal.

For example, I might use kismet to passively capture 802.11 traffic before using ethereal. I could use ethereal by binding it to the wi-fi card, but I just prefer Kismet for those situations (but I do load the logs into ethereal for analysis!!!).

What other sniffers are you wanting to draw contrasts/comparisons to? I might be able to go more in-depth...

I did have a multitude of links pasted below, but then I realized how important it is to study about what you are actually going to do before you do it. If I just give you a bunch of links to sniffers, and you start sniffing away wherever you please (and btw if you're sniffing your own personal network then that's fine, start sniffing someone else's and you may be visiting bubba's cell). Folks just don't like that stuff anymore and it is very illegal. But back to the subject: you must first learn what you are doing and research is one of the most important parts of that. So you shouldn't want anyone to spoon feed you, when self-study is needed.

If you just want to sniff your local host and are on a switch... then ethereal is my choice.

For sniffing a switched network, then I use ettercap.

Another good one for sniffing a switched network is dsniff. (I haven't used this one as much.)

If you are on a hub... then any sniffer should do the job. The hub will repeat all traffic that hits it. Though... hubs aren't being used that much anymore. People will often use a hub to put behind or in front of their routers for an IDS. Other than that... they're almost a waste.

Sometimes, I just use tcpdump or windump.

Just depends on what you are trying to view.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.